1. Home
  2. Forum
  3. ASP.NET MVC - EJ 2
  4. PDF signature validation fails when signed with ECDSA-SHA256

PDF signature validation fails when signed with ECDSA-SHA256

Hello!

A PDF file that was successfully signed using the PdfSignature class cannot be validates afterwards.

The digital ID used to sign the PDF is a self-signed one, created with the elliptic curve encryption algorithm and SHA-256 as the digest algorithm.

The simplified code I'm using for validation is:

var doc = new PdfLoadedDocument(filename);
var sf = form.Fields[0] as PdfLoadedSignatureField;
var result = sf.ValidateSignature();

The 'result' variable after the validation contains:

Pdf validate signature invalid.png

The collection 'SignatureValidationErrors' contains one item with the text "The document has been altered or corrupted since the signature was applied".

As a side note, the file was not modified after being signed; also when opening the PDF in Adobe the signature is validated without problems.

I'm attaching a sample PDF file for you to check.

Can you please confirm if this is a bug with ECDSA-sha256 signed files? I'm using SF version 20.1.0.56

Thank you

Alex




Attachment: 20205934740_84174fda.zip

6 Replies
GK Gowthamraj Kumar Syncfusion Team May 23, 2022 10:38 AM UTC

Hi Alejandro,


We were able to reproduce the reported issue with provided details on our end. Currently, we are validating on this and we will update the further details on May 25th 2022.

Regards,

Gowthamraj K


GK Gowthamraj Kumar Syncfusion Team May 25, 2022 02:24 PM UTC

Hi Alejandro,


We confirmed the issue “PDF signature validation fails when verifying digitally signed with the ECDSA-SHA256 algorithm” as a defect in our product. Since you are using a weekly NuGet release version, we will include the fix for this issue in our weekly NuGet release, which will be available on June 7th, 2022.


Please use the below feedback link to track the status of the reported bug.

https://www.syncfusion.com/feedback/35187/pdf-signature-validation-fails-when-verifying-digitally-signed-with-the-ecdsa


Note: If you require patch for the reported issue in any of our Essential Studio Main or SP release version, then kindly let us know the version, so that we can provide a patch in that version based on our SLA policy.


Please let us know if you need any further assistance in this.


Regards,

Gowthamraj K


AL Alejandro May 26, 2022 03:19 PM UTC

Hello Gowthamraj,


Thank you for your feedback on the reported issue.

I'll be waiting for the weekly nuget release on june 7th.


Regards,

Alex





GK Gowthamraj Kumar Syncfusion Team June 7, 2022 10:05 AM UTC

Hi Alejandro,


We have included the fix for the reported issue “PDF signature validation fails when verifying digitally signed with the ECDSA-SHA256 algorithm” in our latest weekly NuGet release (v20.1.0.59). Please use the below link to download our latest weekly NuGet,     

https://www.nuget.org/packages/Syncfusion.Pdf.AspNet.Mvc5/20.1.0.59   


Please let us know if you have any concerns about this 


Regards,

Gowthamraj K


AL Alejandro June 13, 2022 12:19 PM UTC

Hello Gowthamraj,


I made a test with the weekly release 20.1.0.59 and the validation of document signed with ECDSA was successful.


Thank you for your support

Regards

Alex



GK Gowthamraj Kumar Syncfusion Team June 14, 2022 05:56 AM UTC

Hi Alejandro,


Thank you for your update. We are glad to know that the reported issue is resolved.


Please let us know if you need any further assistance in this.


Regards,

Gowthamraj K


Loader.
Up arrow icon